The JWT Policy validates JSON Web Tokens (JWT) against a signing key or a JSON Web Key Set (JWK(S)) that you provide. You can also require specific claims and forward them as headers to the backend API.

Note

Do not use the JWT policy together with the other authentication policies, Keycloak OAuth and BASIC Authentication. Chaining these policies does not currently work, but this may change in future versions.

Tip

Use the links in the field description to access more information on the related subjects.

Configuration Options

Each option is listed with its description, its possible values and its default value.

Option: Require JWT
Description: Specify whether the request should be terminated if no JWT is provided.
Possible Values:
  • true: Terminate the request if no JWT is provided (default).
  • false: Do not terminate the request if no JWT is provided.
Default: true

Option: Require Signed JWT (JWS)
Description: Specify whether JWTs must be cryptographically signed and verified (JWS).
Possible Values:
  • true: Require JWTs to be cryptographically signed and verified (JWS, default).
  • false: Do not require JWTs to be cryptographically signed and verified.
Default: true

Option: Require Transport Security
Description: Specify whether requests without transport security will be rejected. JWT requires transport security (e.g. TLS, SSL) to provide protection against a variety of attacks.
Possible Values:
  • true: Reject any request without transport security (default).
  • false: Do not reject requests without transport security.
Default: false

Option: Strip Tokens
Description: Specify whether the Authorization header or the token query parameter should be removed before forwarding traffic to the API.
Possible Values:
  • true: Remove any Authorization header or token query parameter before forwarding traffic to the API.
  • false: Do not remove the Authorization header or token query parameter before forwarding traffic to the API (default).
Default: false

Option: Signing Key or URL to a JWK(S)
Description: Specify a signing key or a URL to a JWK(S) used to validate the JWT.
Possible Values: Must be a Base64-encoded string or a URL to a JWK(S).
Default: -

Option: Key ID (kid) of JWK(S)
Description: Specify the key ID of the JWK(S) if you provided a JWK(S) URL.
Possible Values: a valid string
Default: -

Option: Maximum Clock Skew
Description: Specify the maximum allowed clock skew in seconds when validating the exp (expiry) and nbf (not before) claims.
Possible Values: a valid integer
Default: 0

Option: Required Claims
Description: Specify a list of required claims. If a required claim is not present, access will be rejected.
All standard claims, custom claims and ID token fields are available (case sensitive). A special value of access_token will forward the entire encoded token.
Nested claims can be accessed using JavaScript dot syntax (e.g. address.country, address.formatted).
Default: -

Option: Forward Claim Information
Description: Specify a list of fields from the JWT to be forwarded to the API as headers.
All standard claims, custom claims and ID token fields are available (case sensitive). A special value of access_token will forward the entire encoded token.
Nested claims can be accessed using JavaScript dot syntax (e.g. address.country, address.formatted).
Default: -
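The checks the options above describe (signature verification, Maximum Clock Skew applied to exp and nbf, Required Claims with dot syntax, and Forward Claim Information including the access_token special value), as an added Python example that is not the policy's own code. It assumes an HS256 shared signing key instead of a JWK(S) URL, a constructed sample token, and an X-JWT-<claim> header name for forwarded claims.

```python
import base64, hashlib, hmac, json, time

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:  # mints constructed sample tokens
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def lookup_claim(claims: dict, path: str):  # dot syntax, e.g. address.country
    cur = claims
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def validate_jwt(token, key, required_claims, forward_claims, max_clock_skew=0, now=None):
    """Return (headers_to_forward, None) when accepted, or (None, reason) when rejected."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
    except ValueError:
        return None, "malformed token"
    # Pin the algorithm instead of trusting the header: rejects alg=none and key confusion.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None, "unsupported alg"
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None, "bad signature"
    # Maximum Clock Skew widens the acceptance window on both exp and nbf.
    if "exp" in claims and now > claims["exp"] + max_clock_skew:
        return None, "expired"
    if "nbf" in claims and now < claims["nbf"] - max_clock_skew:
        return None, "not yet valid"
    for name in required_claims:  # Required Claims: any missing one rejects the request
        if lookup_claim(claims, name) is None:
            return None, f"missing claim {name}"
    headers = {}  # Forward Claim Information; the X-JWT-<claim> header name is an assumption
    for name in forward_claims:
        value = token if name == "access_token" else lookup_claim(claims, name)
        if value is not None:
            headers["X-JWT-" + name.replace(".", "-")] = str(value)
    return headers, None
```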